
XPC Communication

Simone Martorelli edited this page Mar 16, 2021 · 5 revisions

To make calls to the JAMF binary, you need privilege escalation and a secure way to communicate with the binary. The enrollment application uses a helper binary to facilitate this. The shared protocol between the helper binary and the parent enrollment app allows for executing a policy event trigger string, similar to how you might execute it directly:

jamf policy event -triggerString

To securely tie the parent application to the helper so that the command is allowed to pass, you will need to set up anchor keys.

Setting up the privileged helper (PrivilegedCommandsHelper)

  1. Make sure your build targets all have proper signing certificates assigned in the Build Settings/General tab.
  2. Build copies of each target. You will need the build path of the enrollment app target for step 5.
  3. Download a copy of the SMJobBlessUtil from Apple.
  4. Copy the Python tool to the root of your project folder.
  5. From the terminal, navigate to the root of your project folder and run the following:

./SMJobBlessUtil.py setreq /the/path/to/a/buildCopyOfYourApp enrollment/enrollment/Info.plist enrollment/PrivilegedCommandsHelper/PrivilegedCommandsHelper-Info.plist

This should create anchor keys in both the Info.plist of the app and the -Info.plist of the helper. You can validate that the certificates match using the check option of the utility:

./SMJobBlessUtil.py check /the/path/to/a/buildCopyOfYourApp

A blank return means success; in general, we are looking to see that no certificate mismatch messages are present. You can also see the anchor keys in Xcode by looking at the corresponding property lists.

From enrollment.app Info.plist: [image: Main Application Info.plist]

From PrivilegedCommandsHelper-Info.plist: [image: Helper-Info.plist]
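
The anchor keys can also be checked statically, for example in CI before a build is signed. The sketch below is an added example, not part of this project or of Apple's SMJobBlessUtil: it reads the standard SMJobBless keys (SMPrivilegedExecutables in the app plist, SMAuthorizedClients in the helper plist) and reports missing entries, requirements that pin no signer, and certificate mismatches. The identifiers and team ID are constructed placeholders, and it assumes both targets are signed with the same identity; it does not inspect code signatures.

```python
import plistlib
import re

def make_plist(body):
    """Wrap a <dict> body in a minimal XML property list (constructed sample data)."""
    return ('<?xml version="1.0" encoding="UTF-8"?><plist version="1.0"><dict>'
            + body + '</dict></plist>').encode()

# Constructed placeholder values, not this project's real identifiers or team ID.
APP_ID = "com.example.enrollment"
HELPER_LABEL = "com.example.PrivilegedCommandsHelper"
REQ_TAIL = 'anchor apple generic and certificate leaf[subject.OU] = "EXAMPLETEAM"'
APP_REQ = f'identifier "{APP_ID}" and {REQ_TAIL}'
HELPER_REQ = f'identifier "{HELPER_LABEL}" and {REQ_TAIL}'
APP_PLIST = make_plist('<key>SMPrivilegedExecutables</key><dict>'
                       f'<key>{HELPER_LABEL}</key><string>{HELPER_REQ}</string></dict>')
HELPER_PLIST = make_plist('<key>SMAuthorizedClients</key>'
                          f'<array><string>{APP_REQ}</string></array>')

# Leaf-certificate clause of a code signing requirement (subject CN or OU).
LEAF = re.compile(r'certificate leaf\[subject\.(?:CN|OU)\] = "([^"]+)"')

def check_anchor_keys(app_plist, helper_plist, app_id, helper_label):
    """Return a list of problems; an empty list means the anchor keys line up."""
    app, helper = plistlib.loads(app_plist), plistlib.loads(helper_plist)
    problems = []
    # Requirement the helper must satisfy, as declared by the app.
    tool_req = app.get("SMPrivilegedExecutables", {}).get(helper_label)
    # Requirements naming the app among the clients the helper accepts.
    client_reqs = [r for r in helper.get("SMAuthorizedClients", [])
                   if f'identifier "{app_id}"' in r]
    if tool_req is None:
        problems.append(f"app plist has no SMPrivilegedExecutables entry for {helper_label}")
    if not client_reqs:
        problems.append(f"helper plist has no SMAuthorizedClients entry for {app_id}")
    if problems:
        return problems
    for side, req in (("app", tool_req), ("helper", client_reqs[0])):
        # An identifier-only requirement pins no signer: any code claiming the ID passes.
        if "anchor" not in req or not LEAF.search(req):
            problems.append(f"{side} requirement does not pin a signing certificate")
    if not problems and LEAF.search(tool_req).group(1) != LEAF.search(client_reqs[0]).group(1):
        problems.append("certificate mismatch between app and helper requirements")
    return problems

if __name__ == "__main__":
    print(check_anchor_keys(APP_PLIST, HELPER_PLIST, APP_ID, HELPER_LABEL) or "anchor keys OK")
```
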
